CVE-2018-1273 · CISA KEV · EPSS p99.9%
broadcom / spring_data_commons
Description
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding that can lead to a remote code execution attack.
Scoring
| CVSS | 9.8 |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| EPSS | 95.65% probability of exploitation · percentile 99.9% · 2026-06-15T12:03:41Z |
| Last modified | 2026-06-15 |
CISA KEV entry
Added to KEV: 2022-03-25
(incoming)1
| Type | Target | Confidence | Tier |
|---|---|---|---|
| KEVEntry | VMware Tanzu Spring Data Commons Property Binder Vulnerability (kev-cve-2018-1273) | 0% | live |
Related by meaning · 6
Nearest entities by semantic similarity across the cs-graph corpus.